The Rautor Windows Session recorder / auditor

for WIN32 SESSION MONITORING Including TERMINAL SERVICES

for child safe internet browsing

for campus wide proxy enforcement across all supported applications

for aiding organizations in PCI compliance

 

Security precautions

   Users should normally not have access to their session dump directories.
To be on the safe side, pre-create the AUDITDIR directory and give only Write permissions to your users,
and Full rights to the Administrators and System accounts.
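
An added example (not part of Rautor or its documentation) of the precaution above in PowerShell: it pre-creates the directory, grants Write to Users and Full to Administrators and SYSTEM, then reads the ACL back and reports any entry that still allows reading. The path D:\RautorAudit is an assumed placeholder.

```powershell
# Added example, not Rautor's own tooling. Run from an elevated PowerShell prompt.
param(
    # Assumed placeholder: use the location your DRIVE and AUDITDIR values point to.
    [string]$AuditPath = 'D:\RautorAudit'
)

# Well-known SIDs, so the script also works on non-English Windows installs.
$Admins = 'S-1-5-32-544'   # BUILTIN\Administrators
$System = 'S-1-5-18'       # NT AUTHORITY\SYSTEM
$Users  = 'S-1-5-32-545'   # BUILTIN\Users

if (-not (Test-Path -LiteralPath $AuditPath)) {
    New-Item -ItemType Directory -Path $AuditPath | Out-Null
}

# Drop inherited ACEs, then grant Full to Administrators and SYSTEM, Write only to Users.
# (OI)(CI) applies each entry to files and subfolders created later.
icacls $AuditPath /inheritance:r /grant:r "*${Admins}:(OI)(CI)F" "*${System}:(OI)(CI)F" "*${Users}:(OI)(CI)W" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Read the ACL back and flag any Allow entry that still lets a non-admin read or list
# the session dumps (ReadData/ListDirectory, GENERIC_READ or GENERIC_ALL).
$readMask = 0x1 -bor 0x80000000 -bor 0x10000000
$sidType  = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($ace in (Get-Acl -LiteralPath $AuditPath).GetAccessRules($true, $true, $sidType)) {
    $sid = $ace.IdentityReference.Value
    if ($ace.AccessControlType -eq 'Allow' -and $sid -notin @($Admins, $System) -and
        ([int]$ace.FileSystemRights -band $readMask)) {
        [pscustomobject]@{ Sid = $sid; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "Non-admin read access remains on $AuditPath"
} else {
    Write-Output "OK: no non-admin entry grants read access on $AuditPath"
}
```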
 

Settings for Terminal Servers

Configure the server to automatically kill disconnected sessions immediately

To make the disconnection time less than a minute, start regedit and navigate to this key:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

   Set MaxDisconnectionTime to 5000 decimal (5 seconds).
 
 

Rautor registry keys

 

Rautor is fully controllable via certain registry keys. The path is HKLM\Software\Rautor on 32-bit Windows. On 64-bit Windows, look for them under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Rautor. In any case, use the RRS.exe utility program to tweak these settings if you are a private user.

The keys are:

 

LEGALWARNING  

0 or 1 to display a warning that the session is being logged. Rautor will forcefully log off users if they decline the warning.

TRIGGER            

0 or 1. Should the application trigger at all? Sleeper mode!

TRAYICON          

0 or 1 to display a system tray icon or be completely stealthy.


 

DRIVE

The drive where sessions will be saved.

AUDITDIR

Root directory where the sessions will be saved.


 

SLEEP               

In seconds; snapshots are taken every SLEEP seconds.

QUANTUM          

Sleep quantum in milliseconds; adjust for better key logging. Smaller means more duplicate key presses caught. Larger means fewer key presses caught.

KEYLOGGER        

0 or 1 to turn the key logging module on.

SCREENDUMPER  

0 or 1. Should Rautor take PNG screen dumps at all?

SCREENSCRAPER 

0 or 1 Scrape screen dumps for the text contained in them.

FULLSCRAPE       

0 or 1. Scrape text from non-visible windows as well.

WINDOWSNAMES

Comma-separated list of window names that trigger Rautor. For example, if you insert firefox there, Rautor will take screenshots only when the Firefox browser is active. Proposed list:

Explorer,Messenger,Firefox,Outlook,Inbox

LICENSE            

The license key of your copy if required.

VERBOSE           

0 or 1 for massive event logging.

DEBUG

0 or 1 for even more debugging.


 

KEEPFILES         

0 or 1 Keep a copy of uploaded files or delete them.

FTPSERVER

The server to upload screenshots to, if set.

FTPUSER            

The FTP server’s username.

FTPPASS            

The FTP user’s password.

UPLOADOLDFILES

0 or 1. Try to find old session data and upload it.

 

 

WEBSERVER       

0 or 1 To enable the embedded web server.

WEBPORT          

The web server port (default 2222).

 

 

Running Rautor

 

Inside the root directory one can find PNG snapshots of the users’ desktops. There will also be a text file for each PNG file, containing as much textual information from the users’ open windows as can be gleaned. Finally, there is the file ….-Keyboard.log, which contains each user’s captured keystrokes, as well as an individual keyboard log file per screenshot for your perusal.

 

Rautor reads some registry keys dynamically, and adjusts itself accordingly.

 

These keys are:    

TRIGGER, SLEEP, QUANTUM, VERBOSE, WINDOWSNAMES, KEEPFILES, SCREENSCRAPER, KEYLOGGER, SCREENDUMPER

 
